diff --git a/api/functions.php b/api/functions.php
index b0e6d09..1f41d85 100644
--- a/api/functions.php
+++ b/api/functions.php
@@ -55,24 +55,22 @@ function authenticate(): bool {
 global $VARS;
 // HTTP basic auth
 if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
- $user = User::byUsername($_SERVER['PHP_AUTH_USER']);
- if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
- return false;
- }
- return true;
- }
- // Form auth
- if (empty($VARS['username']) || empty($VARS['password'])) {
- return false;
- } else {
+ $username = $_SERVER['PHP_AUTH_USER'];
+ $password = $_SERVER['PHP_AUTH_PW'];
+ } else if (!empty($VARS['username']) && !empty($VARS['password'])) {
 $username = $VARS['username'];
 $password = $VARS['password'];
- $user = User::byUsername($username);
- if ($user->exists() !== true || Login::auth($username, $password) !== Login::LOGIN_OK) {
- return false;
- }
+ } else {
+ return false;
+ }
+ $user = User::byUsername($username);
+ if (!$user->exists()) {
+ return false;
+ }
+ if ($user->checkPassword($password, true)) {
+ return true;
 }
- return true;
+ return false;
 }
 /**
diff --git a/api/index.php b/api/index.php
index 8875860..23cb28c 100644
--- a/api/index.php
+++ b/api/index.php
@@ -10,6 +10,8 @@ require __DIR__ . '/../required.php';
 require __DIR__ . '/functions.php';
 require __DIR__ . '/apisettings.php';
+header("Access-Control-Allow-Origin: *");
+
 $VARS = $_GET;
 if ($_SERVER['REQUEST_METHOD'] != "GET") {
 $VARS = array_merge($VARS, $_POST);
diff --git a/lib/FormBuilder.lib.php b/lib/FormBuilder.lib.php
index 35e8fe3..13567cc 100644
--- a/lib/FormBuilder.lib.php
+++ b/lib/FormBuilder.lib.php
@@ -178,7 +178,10 @@ HTMLTOP;
 }
 $itemhtml = "";
 $itemlabel = "";
- if ($item['type'] != "checkbox") {
+
+ if ($item['type'] == "textarea") {
+ $itemlabel = "";
+ } else if ($item['type'] != "checkbox") {
 $itemlabel = "";
 }
 $strippedlabel = strip_tags($item['label']);
@@ -186,13 +189,16 @@ HTMLTOP; \n\n
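Review bot: In `authenticate()` the form-credential path no longer calls `Login::auth()`; both paths now end in `$user->checkPassword($password, true)`, so anything `Login::auth()` enforced beyond the password comparison (account status, lockout, a second factor — none of it visible in this hunk) would no longer apply to API logins, and that should be confirmed against `User::checkPassword`. The bare `true` is unexplained at the call site; a comment such as `// second argument: <meaning of flag, confirm against User::checkPassword>` would make the intent reviewable. Because `$VARS` is seeded from `$_GET` in api/index.php, this path also accepts the password in the query string, where it is likely to end up in access logs; reading the form credentials from `$_POST` only would avoid that. The function's signature appears only in the hunk header, not in the hunk lines.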
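Review bot: `header("Access-Control-Allow-Origin: *");` in api/index.php is sent on every API response, so script running on any origin can read whatever this endpoint returns, which is broader than a credential-checking API usually needs. Prefer reflecting the request origin only when it is on a configured allow-list, e.g. `if (in_array($origin, $allowedOrigins, true)) { header("Access-Control-Allow-Origin: $origin"); header("Vary: Origin"); }`, where `$origin` is taken from the request's `Origin` header and `$allowedOrigins` is a placeholder for a setting this page does not show. Cross-origin requests that carry an `Authorization` header also trigger a preflight, and nothing visible in this hunk answers it (no `Access-Control-Allow-Headers`, no `OPTIONS` handling), so the HTTP basic path may still fail from browsers.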
$itemlabel -
+ITEMTOP; + $inputgrouptop = <<
-ITEMTOP; +INPUTG; switch ($item['type']) { case "select": + $itemhtml .= $inputgrouptop; $itemhtml .= <<"; break; case "checkbox": + $itemhtml .= $inputgrouptop; $itemhtml .= << @@ -213,7 +220,14 @@ SELECT;
CHECKBOX; break; + case "textarea": + $val = htmlentities($item['value']); + $itemhtml .= << +TEXTAREA; + break; default: + $itemhtml .= $inputgrouptop; $itemhtml .= << INPUT; @@ -227,9 +241,11 @@ INPUT;
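Review bot: The new `textarea` case escapes with `htmlentities($item['value'])`, relying on default flags and on `value` being set, so quote handling depends on the PHP version's defaults and a missing or null value raises a notice or deprecation. Spelling it out keeps the escaping stable: `$val = htmlspecialchars($item['value'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The heredoc markup that consumes `$val` is not legible on this page, so whether the other interpolated fields (name, id, label) are escaped for attribute context could not be checked and is worth a second look.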
ERROR; } + if ($item["type"] != "textarea") { + $itemhtml .= "\n
"; + } $itemhtml .= << - +\n \n ITEMBOTTOM; $html .= $itemhtml; @@ -242,7 +258,7 @@ ITEMBOTTOM; HTMLBOTTOM; if (!empty($this->buttons)) { - $html .= "\n
"; + $html .= "\n